Malware

Malware.AI.3450714106 removal guide

Malware Removal

The Malware.AI.3450714106 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Malware.AI.3450714106 virus can do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Scheduled file move on reboot detected
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities for basic functionality
  • Tries to suspend Cuckoo threads to prevent logging of malicious activity
  • Deletes its original binary from disk
  • A process attempted to delay the analysis task by a long amount of time.
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics
  • Uses suspicious command line tools or Windows utilities

Related domains:

wpad.local-net

How to determine Malware.AI.3450714106?



File Info:

name: 7172FBF640B2687ED59D.mlw
path: /opt/CAPEv2/storage/binaries/13194e0c7b12c38050291141888422271e1d3335343c58f1aa18a28d773b37a9
crc32: 69496982
md5: 7172fbf640b2687ed59debfb1c7bc9ba
sha1: 8645090f9849bbf807353358040fd02e800bb057
sha256: 13194e0c7b12c38050291141888422271e1d3335343c58f1aa18a28d773b37a9
sha512: 5d61075b463cbe00ef57c52aee64cec0752a955dc7093a6cfc60da5864b681f35acf3f3cf7ba45c63b3bedf3ed3e43735152c79a09a9cbe81dc47fbcd16d8997
ssdeep: 98304:8Me4Pc9MH1THFBbdWcZcCyd8G/jjIqMkQvjb9TIlkF/g1pizj9j9PyyvdzVO:8MexqH1TlBbLcCyLjIqMv7e1aJZyyvZY
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T172363347A38F1EE9EC068638FF517CD0267231681F1ACC2E79C9DE85271B575A610BA3
sha3_384: 5754a13eda0845c3e4e1a0fb9772291b35d49044d387793e90ff4ac94b4e776b4dfc785e01e5c53710630b6c41000ff9
ep_bytes: eb08e75b350000000000e9ecaed2ff48
timestamp: 2018-05-08 12:43:12


Version Info:

CompanyName: Tblrddd Epxpajkdgcpog Gtyaeqlpvfv
FileDescription: Zpezumxlor Mytjzpixsbdjyt Xwuaznqyql Vkrvtkpm
FileVersion: 9,2,5,1706
LegalCopyright: © 2000-2014 Epxpajkdgcpog Zpezumxlor Mytjzpixsbdjyt. All Rights Reserved.
LegalTrademarks: Gtyaeqlpvfv Mytjzpixsbdjyt Tblrddd Vkrvtkpm Zpezumxlor
ProductName: Zpezumxlor Tblrddd Vkrvtkpm
ProductVersion: 7,6,15,778
InternalName: Zpezumxlor
OriginalFilename: pezumxlor.exe
Translation: 0x0000 0x0000

Malware.AI.3450714106 also known as:

LionicTrojan.Win64.Miner.4!c
Elasticmalicious (high confidence)
CynetMalicious (score: 100)
FireEyeGeneric.mg.7172fbf640b2687e
ALYacGen:Variant.Bulz.413466
CylanceUnsafe
VIPRETrojan.Win32.Generic!BT
K7AntiVirusTrojan ( 7000001d1 )
AlibabaTrojan:Win64/Miner.cda707bc
K7GWTrojan ( 7000001d1 )
CrowdStrikewin/malicious_confidence_60% (W)
SymantecTrojan.Gen.MBT
ESET-NOD32a variant of Win64/CoinMiner.NC potentially unwanted
Paloaltogeneric.ml
ClamAVWin.Malware.Vmprotect-6824127-0
KasperskyTrojan.Win64.Miner.ect
BitDefenderGen:Variant.Bulz.413466
NANO-AntivirusTrojan.Win64.Black.fcnify
MicroWorld-eScanGen:Variant.Bulz.413466
AvastWin32:XMRigMiner-AE [Miner]
TencentWin64.Trojan.Miner.Afre
Ad-AwareGen:Variant.Bulz.413466
EmsisoftGen:Variant.Bulz.413466 (B)
ComodoMalware@#10ke3e6m3g6vq
TrendMicroTROJ_GEN.R002C0PH321
McAfee-GW-EditionPacked-GV!7172FBF640B2
SophosMal/Generic-S + XMRig Miner (PUA)
SentinelOneStatic AI – Malicious PE
GDataGen:Variant.Bulz.413466
JiangminTrojan.Miner.dem
AviraTR/Black.Gen2
MAXmalware (ai score=96)
Antiy-AVLTrojan/Generic.ASMalwS.2630CB4
MicrosoftTrojan:Win32/Wacatac.B!ml
AhnLab-V3Unwanted/Win64.XMR-Miner.R223760
Acronissuspicious
McAfeePacked-GV!7172FBF640B2
VBA32Trojan.Win64.Miner
MalwarebytesMalware.AI.3450714106
TrendMicro-HouseCallTROJ_GEN.R002C0PH321
YandexTrojan.GenAsa!aWrkgPs6lEI
IkarusTrojan.Win32.VMProtect
FortinetW32/Packed.GV!tr
AVGWin32:XMRigMiner-AE [Miner]
PandaTrj/CI.A

How to remove Malware.AI.3450714106?

Malware.AI.3450714106 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment